Privacy & Cybersecurity

Texas covered entities (health care providers, health insurers and clearinghouses) and other entities that use and disclose PHI of Texas residents using electronic health records (EHRs) face new risks and stringent requirements under HB300, a new Texas privacy law. 

It is time for covered entities and business associates to jump start HIPAA privacy and security programs and make sure that everything is in compliance.   GovInfoSecurity reports that the Department of Health and Human Services (HHS) has awarded a $9.2 million contract to KPMG to develop protocols for conducting the long-awaited HITECH Act-mandated HIPAA compliance audit program. 

Regular readers of this blog will be familiar with my view that difficulty in proving actual damages poses challenges to would-be plaintiffs in privacy class actions. 

In a settlement announced by the Federal Trade Commission (“FTC”) on June 27, 2011, Teletrack, Inc. agreed to pay $1.8 million to settle FTC charges that it violated the Fair Credit Reporting Act (“FCRA”) by selling consumer reports to marketers without a “permissible purpose.”

Bank Info Security reports that a magistrate for the U.S. District Court in Maine issued an Order that further defines what constitutes “reasonable” security practices.

On Monday, a federal judge in Los Angeles issued an order granting final approval to a previously-announced settlement of consolidated class actions alleging that the use of so-called “flash cookies” in connection with advertising on web sites resulted in unauthorized tracking of web users’ browsing activity.

The United States District Court for the Northern District of California has dismissed the claims of the plaintiffs against Facebook in the case of In re: Facebook Privacy Litigation. 

The Chairman of the Federal Trade Commission, Jon Leibowitz, said: It's the law, it's the right thing to do, and, as today's settlement demonstrates, violating COPPA will not come cheap.

With the inevitability of death and taxes, data breaches spawn class action lawsuits. The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment. 

There have been hundreds of articles written in the past week on the Sony Playstation Network breaches. Cynthia Larose, chair of Mintz Levin's Privacy and Data Security practice, has been quoted in several articles over the weekend, including The Wall Street Journal, Reuters, and The Chicago Tribune.

We've had the Epsilon breach. We've had Sony Breach One and Sony Breach Two. Today, Bloomberg News reports on a breach that may be, as one security expert in the article calls it, "the nastiest password hack in history...." LastPass is reporting that hackers may have broken into its database and stolen info on as many as 1.25 million users.

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack.

There are many articles being written and blogged today regarding the PSN breach. The Hill reports this afternoon that Representative Mary Bono Mack (R-CA) has announced a plan to introduce legislation to protect online consumer information.

The Centers for Medicare & Medicaid Services (CMS) has released proposed regulations establishing Accountable Care Organizations (ACOs) and creating the Medicare Shared Savings Program (the Program).

Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack.

Apple has published a Q&A document to educate consumers on the back story relating to collection of location data. 

Lawmakers including Senate Judiciary Subcommittee on Privacy Chairman Al Franken (D-MN) and House Bi-Partisan Privacy Caucus Co-Chairman Ed Markey (D-MA) are scrutinizing Apple Inc.’s and Google Inc.’s practices of tracking users’ location information through their mobile phones. 

On Tuesday, the US Supreme Court heard arguments (transcripts here) about whether or not the Vermont data mining law violates free speech by preventing pharmaceutical manufacturers and their sales people from obtaining data on physician prescription habits.

As we have been saying since the beginning of the new session of Congress, it appears that privacy is the true bipartisan issue. 

By now, you've probably received one or more emails like this: